e38f21ebea32604e4eb53752699175be72bff67e891a9bc5ba06538225554398 | Triage

Analysis

max time kernel
143s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220331-en
submitted
07-04-2022 16:51

Sharing

Report Analysis Logs

General

Target

1c51743f17f9c5857d6ef3e2055d7e5c.exe
Size

37KB
MD5

1c51743f17f9c5857d6ef3e2055d7e5c
SHA1

a7ff86648725f2113316fe43c3e090ecdddde833
SHA256

e38f21ebea32604e4eb53752699175be72bff67e891a9bc5ba06538225554398
SHA512

839246085d1e9ce3be6bf618e00812c223a0e7ad5d71d1debe7ce0a5e8653dfd66d0860f79382ec71edf97093e6e23a8e54313aad01ea6ed76b8a3fbacb33f22

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

1c51743f17f9c5857d6ef3e2055d7e5c.exefondue.exe

description	pid	process	target process
PID 4376 wrote to memory of 4440	4376	1c51743f17f9c5857d6ef3e2055d7e5c.exe	fondue.exe
PID 4376 wrote to memory of 4440	4376	1c51743f17f9c5857d6ef3e2055d7e5c.exe	fondue.exe
PID 4376 wrote to memory of 4440	4376	1c51743f17f9c5857d6ef3e2055d7e5c.exe	fondue.exe
PID 4440 wrote to memory of 376	4440	fondue.exe	FonDUE.EXE
PID 4440 wrote to memory of 376	4440	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\1c51743f17f9c5857d6ef3e2055d7e5c.exe
"C:\Users\Admin\AppData\Local\Temp\1c51743f17f9c5857d6ef3e2055d7e5c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4376

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4440

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/376-125-0x0000000000000000-mapping.dmp

Download
memory/4440-124-0x0000000000000000-mapping.dmp

Download